Wednesday, June 04, 2014

Google sends an encrypted message to the NSA: End to End

Google probably feels like they've been played like a toy by the NSA and GHCQ. They may even feel like they have to cooperate with security and intelligence agencies in order to stay in business. But today, it seems that they've decided it's time to speak up and root for their customers. Today, they've announced an open source tool, End To End, a tool to provide end-to-end encryption of customer email.

I've wanted something like this for a long, long time. As a wandering technology worker, I've had numerous potential employers suggest that I could send personally identifiable information via email. Sure, I'll just send you my life story with my social security number in plain text for all to see. Few people understand that email is sent over clear text, not an encrypted tunnel, for anyone with a packet sniffer to see. That is how important this is. Finally, we can send encrypted messages with ease and confidence. Yes, dear NSA, there are good uses for encryption.

Google, feeling the heat from other countries and fearing the potential loss of customers, decided to raise the bar and offer complete encryption for email. They're using a well known encryption standard, Pretty Good Privacy, aka, PGP, as implemented in OpenPGP. This will be a new Chrome extension that makes it easy to encrypt email and send it to another person, encrypted.

Since it will be an open source tool, programmers and hackers alike can see how it works and make it better, more secure, in an open, transparent process so that all who care to check for themselves, can see that it's secured. That's the beauty of open source software. Anyone with an interest can participate and collaborate together, to reach a common goal.

Touche, NSA.
Post a Comment